How to update the elasticsearch client properly - elasticsearch

The version of the Elasticsearch client on my production server is 1.1.1.
I need to update it because I have to use a function like "field_value_factor", which is not supported in this specific version. It's not a problem to lose the existing indexes. These are the command lines I have come up with:
/etc/init.d/elasticsearch stop
dpkg -r elasticsearch
dpkg -i elasticsearch-1.4.1.deb
update-rc.d elasticsearch defaults 95 10
What do you think?

Related

How do I help mitigate log4j via haproxy on Enterprise Linux

Based on this post, HAProxy has provided mitigation ACL rules that can be used to help fight against Log4j attack requests getting proxied to the affected Log4j apps.
In reading some of the users' comments, it came to my attention that many Enterprise Linux HAProxy systems out there might be running the older HAProxy version 1.5, which doesn't have the option http-buffer-request directive. This directive is critical to any CVE you are trying to mitigate, even more so if this is your only option until you can upgrade the affected applications.
What is the easiest way to upgrade, and to what version?
Answering my own question...
HAProxy 1.6 is needed; however, RH provides HAProxy 1.8 from the RHSCL repo.
Make sure these repos are active on the system and install haproxy 1.8:
subscription-manager repos --enable=rhel-7-server-optional-rpms --enable=rhel-7-server-rpms --enable=rhel-server-rhscl-7-rpms
yum install -y rh-haproxy18.x86_64
cat the current config into the 1.8 cfg file and run a quick config test:
cat /etc/haproxy/haproxy.cfg > /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg
/opt/rh/rh-haproxy18/root/usr/sbin/haproxy -c -V -f /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg
^ Correct any warnings or alert errors. In my experience, it's mainly directive order or check port strings on your backend services; this is relatively simple to search the net for and correct.
nano /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg
Add the ACL rules; use unique names if using more than one listener/frontend in the cfg so they don't overlap.
systemctl disable --now haproxy && systemctl enable --now rh-haproxy18-haproxy
yum remove -y haproxy && yum install -y rh-haproxy18-haproxy-syspaths.x86_64
^ The rh-haproxy18-haproxy-syspaths.x86_64 package replaces the haproxy service name, so you do not have to update the systemctl scripts, or even keepalived if you are using it to monitor the haproxy service.
I use this within keepalived, which works before and after:
killall -0 haproxy
HAProxy has blogged about this topic:
December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation

OSX Sierra Elasticsearch -- Not Starting

I used brew to install Elasticsearch and configured via:
http://www.adrianlabastida.com/blog/?p=128#respond
Elasticsearch starts, but I can't access localhost:9200 and there aren't any logs I can find for triaging.
Can anyone point me to where the logs could exist so I can track this down?
You'd better download Elasticsearch manually with the following steps:
Get the install package from https://www.elastic.co/downloads/elasticsearch, e.g. elasticsearch-5.4.0.tar.gz
Unzip it: tar -zxvf elasticsearch-5.4.0.tar.gz
Go to the Elasticsearch folder: yourpath/elasticsearch-5.4.0
Start it: ./bin/elasticsearch
Visit port 9200: http://localhost:9200/
brew info elasticsearch
The above will show the paths to the relevant log files.

Kibana not working after x-pack uninstalled

I had installed x-pack earlier and used it, and hosted Kibana through Nginx.
Yesterday I uninstalled x-pack from both Elasticsearch and Kibana, via
sudo bin/elasticsearch-plugin remove x-pack
and
sudo bin/kibana-plugin remove x-pack
Now, when I try to start Elasticsearch, it starts, but Kibana does not start when I start Kibana.
The kibana.stdout log says:
{"type":"log","#timestamp":"2017-04-27T06:23:39Z","tags":["info","optimize"],"pid":49497,"message":"Optimizing and caching bundles for kibana, timelion and status_page. This may take a few minutes"}
And Kibana is never started.
sudo service kibana status says it is running, but in sudo netstat -ntlp I cannot find port 5601.
It is never started. Why so?
What could the issue be?
Try deleting the kibana/optimize/bundles directory as well as the kibana/optimize/.babel-cache.json file and restarting Kibana. That will trigger a completely fresh rebuild of the Kibana source without x-pack.
Note: If you're using kibana as a system daemon, run the kibana process through the command line once to re-compile the optimize bundle before starting the daemon.
./usr/share/kibana/bin/kibana

ELK - Shield auth problems

I'm trying to set up Shield for Elasticsearch, but I have had some trouble.
When I try to start Elasticsearch like:
/usr/share/elasticsearch/bin/elasticsearch
all works as expected, but when I try to start/restart Elasticsearch like:
/etc/init.d/elasticsearch start
I get the error described below:
[2015-02-17 21:44:09,662][ERROR][shield.audit.logfile ] [Tusk] [rest] [authentication_failed] origin_address=[/192.168.88.17:58291], principal=[es_admin], uri=[/_aliases?pretty=true]
OS: Ubuntu 12.04
Elasticsearch: 1.4.3
Shield: 1.0.1
Elasticsearch and Shield were running with default settings.
If your Elasticsearch configs are not in /usr/share/elasticsearch but, let's say, at /etc/elasticsearch,
then just move /usr/share/elasticsearch/config/shield to /etc/elasticsearch.
Take care that if you start Elasticsearch as the user elasticsearch, the new /etc/elasticsearch/shield folder belongs to the user elasticsearch.
If that doesn't fix it, then also see this:
http://www.elasticsearch.org/guide/en/shield/current/getting-started.html#_configuring_your_environment
The same thing happened to me when I tried to add Shield to our Elasticsearch cluster to add auth-based access to Elasticsearch data.
I was on an Ubuntu 14.04 machine and Elasticsearch was installed using a .deb package from elastic-download-link.
Elasticsearch was using a service startup script from
/etc/init.d/elasticsearch
in which the configuration directory was set as:
# Elasticsearch configuration directory
CONF_DIR=/etc/$NAME
But when I tried to install the Shield plugin on Elasticsearch from this-link
and tried to add a user on Shield by following the ES docs using this command:
sudo bin/shield/esusers useradd es_admin -r admin
the Shield configuration was being updated in
/usr/share/elasticsearch/config/shield/
but the Elasticsearch server was expecting the configuration files to be in
/etc/elasticsearch/shield/
This mismatch between the Shield configuration file that was read and the newly updated file with the newly added users was causing the authentication failure.
This can be solved either by moving
/usr/share/elasticsearch/config/shield/
to
/etc/elasticsearch/shield/
or by changing the conf file location in
/etc/init.d/elasticsearch
as
# Elasticsearch configuration directory
CONF_DIR=/usr/share/elasticsearch/config/

ElasticSearch: Indexing times out if number_of_replicas is greater than 1

I'm experimenting with scaling Elasticsearch and want to increase the number of replicas, but I am unable to index anything if number_of_replicas is set higher than 1.
I've been able to reproduce the issue with a fresh install of ES:
Download and unzip ES
Modify the config/elasticsearch.yml file and set the index.number_of_replicas setting to 2
Run bin/elasticsearch
Index a test document: curl -XPUT 'localhost:9200/test/example/1' -d '{body:"Hello"}'
Timeout
I'm running the latest version of ES (1.2.1) on Mac OS X 10.9.2. I've also been running ES on an Ubuntu Wheezy VM, but I encountered the same problem there. Setting the number of replicas on a per-index basis (using a PUT request) has the same effect. It makes me feel like I'm missing something fundamental.
Power up more ES nodes (see my second comment)
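As an added illustration (not code from any of the posts above), this small Python model shows why the write in the question times out and why the answer is to add nodes. It assumes the Elasticsearch 1.x default write consistency of "quorum": once number_of_replicas exceeds 1, a write needs int((1 + number_of_replicas) / 2) + 1 active shard copies, and a single node can never hold more than one copy of the same shard.

```python
# Model of the Elasticsearch 1.x default write-consistency check (quorum).
# Assumption: required copies = int((1 + replicas) / 2) + 1 when replicas > 1,
# otherwise the primary alone is enough. Added example, not ES code.

def required_active_copies(number_of_replicas: int) -> int:
    """Shard copies (primary + replicas) that must be active before a write is accepted."""
    if number_of_replicas < 0:
        raise ValueError("number_of_replicas must be >= 0")
    if number_of_replicas <= 1:
        return 1                      # quorum only kicks in with more than one replica
    return (1 + number_of_replicas) // 2 + 1


def active_copies(number_of_replicas: int, data_nodes: int) -> int:
    """ES never places two copies of one shard on the same node, so the node count caps it."""
    if data_nodes < 1:
        raise ValueError("need at least one data node")
    return min(1 + number_of_replicas, data_nodes)


def write_will_succeed(number_of_replicas: int, data_nodes: int) -> bool:
    """True when enough copies are active; otherwise the index request waits and times out."""
    return active_copies(number_of_replicas, data_nodes) >= required_active_copies(number_of_replicas)


def min_data_nodes(number_of_replicas: int) -> int:
    """Smallest cluster on which writes go through for this replica count."""
    nodes = 1
    while not write_will_succeed(number_of_replicas, nodes):
        nodes += 1
    return nodes


if __name__ == "__main__":
    # Reproduces the question: replicas=1 works on one node, replicas=2 does not.
    for replicas in range(0, 5):
        print(f"replicas={replicas}: required={required_active_copies(replicas)}, "
              f"single node ok={write_will_succeed(replicas, 1)}, "
              f"min nodes={min_data_nodes(replicas)}")
```

Note that the cluster may still report yellow health (unassigned replicas) and accept writes; the timeout only appears when the quorum itself cannot be met.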